An independent publication on agentic AI governance in financial services.
Ghost in the Org Chart is an independent editorial publication focused on the governance gap between how financial institutions deploy agentic AI and what regulators expect to find when they examine those deployments.
The name is literal. Most institutions operating autonomous AI agents today cannot produce a complete inventory of what those agents are, what they are authorized to do, or who owns them. The agents are real. The governance is not. The ghost is already in your org chart.
This site documents the gap — through regulatory analysis, diagnostic tools, and case-based writing — and offers a framework for closing it: three primitives every agentic deployment needs. An identity. A boundary. A visible signal.
Hari Asok has spent his career in financial services, working across product, compliance, and technology functions. He started writing about agentic AI governance because the regulatory frameworks weren't keeping up with what was actually being deployed — and the gap was getting harder to ignore.
All views expressed on this site are his own and do not represent or reflect the views of any current or former employer. This is an independent project, written in a personal capacity.
Ghost in the Org Chart is not legal advice, compliance advice, or regulatory guidance. The regulatory summaries and interpretations published here are for informational and educational purposes only. Nothing on this site constitutes an official interpretation of any regulatory notice, rule, or guidance document. Readers should consult their own legal counsel and compliance teams before acting on any information presented here.
This site does not represent the views of FINRA, the OCC, the Federal Reserve, the FDIC, the IMF, the FCA, the Bank of England, or any other regulatory body referenced in its content.
The Diagnostic Indicator on the homepage is an educational tool, not a compliance determination. A high score does not constitute a regulatory finding. A low score does not confirm compliance. Use it as a prompt to start a conversation with your legal and compliance teams, not as a substitute for one.
Quiz response data is not currently stored or transmitted. If aggregate anonymized data is collected in the future to understand engagement patterns, this page will be updated to reflect that.
New pieces go out via Substack when there is something worth saying — typically when a regulatory development, a pattern across institutions, or a governance failure warrants a closer look. No fixed cadence. Subscribe if that sounds useful.
Subscriber data is handled by Substack in accordance with their privacy policy.
For substantive questions, corrections, or press inquiries, reach out via LinkedIn.